Newly crowned Miss Teen USA Cassidy Wolf is allegedly the latest victim of sextortion.
According to the LA Times, the Federal Bureau of Investigation (FBI) confirmed on Wednesday that it’s investigating claims by Wolf and other women who say that their webcams were hacked, photos or video were taken surreptitiously, and that the hacker or hackers then demanded money in exchange for keeping the photos out of public disclosure.
Wolf, of Orange County, California, was Miss California Teen USA before winning the Miss Teen USA pageant over the weekend at the Atlantis Hotel in the Bahamas.
19-year-old Ms. Wolf has told reporters that prior to being crowned, she received an anonymous email from someone who claimed to have nude photos of her, taken via the webcam on her computer.
Wolf told Today News that about four months ago, Facebook notified her about somebody trying to log into her account from another state.
She then received an email saying that the person had photos of her taken in her bedroom via her computer’s hacked webcam. The person, who hasn’t been named in the ongoing federal investigation, tried to extort her in exchange for keeping the photos from being made public.
As if everyday webcam hacking weren’t shocking enough, this case apparently involves a webcam that was hacked without the telltale camera light coming on to indicate that it was recording.
This is how Ms Wolf tells it:
"I wasn't aware that somebody was watching me [on my webcam]. The [camera] light didn't even go on, so I had no idea."
Is that possible? Can webcams be rigged so as to record without the light coming on?
Sophos Senior Security Advisor Chester Wisniewski has looked at the issue, and he says it depends:
"Some laptops allow you to turn the light on and off in software, others only work physically. I think it is certainly possible, if unlikely."
But if it’s unlikely to suffer a webcam hacking that manages to turn off the camera’s “on” light, plain old vanilla webcam hacking that leaves the light on isn’t very unlikely at all.
In fact, as the BBC reported in June, there’s a thriving black market for access to computers whose webcams have been compromised.
Stolen webcam video of females cost $1 per “slave,” as they’re called. Stolen video of male slaves goes for $1/100 slaves.
As for Ms. Wolf, she has turned her alleged victimization into a crusade. Today News reports that after she was named Miss California, she traveled to schools to raise awareness about cybercrime among teens.
Her advice to teens is to routinely clear their browsing history and change their password into something difficult to guess.
She’s quoted by International Business Times on password hygiene:
"I had the same password for years. But now seeing that someone can hack into my stuff just by downloading an incorrect link, it's very important to change your passwords, delete your cookies."
Having a safe password is absolutely the right way to go. Here’s one way to create one.
I would also suggest to Ms. Wolf that if she’s not telling teens this already, to please urge them against using the same password on multiple sites.
And since multiple hard-to-crack passwords can be tough to wrangle, Ms. Wolf also might want to suggest the use of a password manager, such as KeePass, 1Password or LastPass.
When we report on webcam spying at Naked Security, we typically tell users to keep an eye on the light. That, evidently, won’t stop remote hackers of webcams who manage to turn off the camera light via accessing its software.
But given that, as Chet notes, such a hack is unlikely, it’s still a good idea to keep an eye on the light. Better still, cover it with a patch – a tiny piece of black tape, say, or a sticker or bandage – when you’re not using the camera.
Ms. Wolf, for her part, has said that she’s prepared for another attack by putting a sticker over her webcam when it’s not in use.
Nice going on your cybercrime defense education work, Ms. Wolf, and best of luck with your continued studies, be it with your beloved jazz dancing or the hair-raising world of cybercrime.Follow @NakedSecurity